OAuth Dance : Simple way to get OAuth token ( TIPS & TRICKS )
nagendra1891 Apr 3, 2016 5:43 PMHey guys,
I am writing this thread to explain how to get OAuth token in a simple way !! ( Hope It helps )
How to make this Dance easy ???
Link --->>> OAuth 2.0 — OAuth
a brief knowledge on Oauth would help make this process fun learning !!
How to get jive Auth token ??
Two ways to get Tokens from Jive
1 . Use credentials to get a token ( Not a good idea to use this token ,if your trying to register Webhooks)
2. Use auth Grant way to get the Token ( Token valid for most of the use cases )
snapshot how the Work flow looks like
Step 1 Using Credentials
- curl -u '<client-id>:<client-secret>' -d'grant_type=password&username=userone&password=psswd1' https://<URL-of-Jive-Service>/oauth2/token
replace the values in < > with appropriate data and fire the call to jive
- Response for the above is the
{"token_type":"bearer","expires_in":"172799","refresh_token":"############################.r","access_token":"##################################.t"}
simple way in getting a token but can not be used for all kind of api calls .
Step 2 Using Auth Grant method
- <jive-url>/oauth2/authorize?client_id=<client_id>&response_type=code
fire a call to jive it redirects to this screen user clicks on grant access
- Next screen or the next step is that jive sends the AUTHGRANT code to redirect url
looks like this !! and AUTHGRANT TOKEN ENDS WITH .c https://client.application.com/oauth2/redirect?code=<authz_code>
- AuthGrant code is valid for few minutes!!! make sure you make a call for token soon !!! how ??
Use postman
Note : to do this you have to configure Call back url to POSTMAN
else keep your CURL command ready so that you can use it soon you get the AUTH GRANT code
curl -u '<CLIENT ID>:<CLIENT SCERET>' -d 'code=<AUTH GRANT CODE>&grant_type=authorization_code&client_id=<CLIENT ID>' <jive-url>/oauth2/token
- At this point you should have the TOKEN in the Following format
"scope":"uri:/api","token_type":"bearer","expires_in":"172799","refresh_token":"<Refresh TOKEN>","access_token":"<TOKEN>"}
******************************************************************************************************************************************************************************************************************************************************************************
Few Tips and tricks
Tip one if your using token to register a Webhook always use Auth Grant method
Tip two save your Refresh token and make single call to get TOKEN ( IF YOU HATE DANCING )
TIP three Set up post man for obtaining TOKEN ( POSTMAN will take care of Dancing , watch him get token )
TOKEN ending with >>> .i CLIENT ID ||
.S CLIENT SECRET ||
.C AUTH GRANT CODE ( MOST OFTEN MISTAKEN FOR TOKEN ) ||
.T TOKEN ( USED FOR API CALLS)
.R REFRESH TOKEN ( USED TO GET THE TOKEN WHEN EXPIRED )
Tip four all ways clear the cache when you are playing with this ( killed hours finding what was going wrong )
POST YOUR TIPS AND TRICKS ( SHARING IS CARING )
CHEERS !!